< draft-newman-telnet-sasl-00.txt   draft-newman-telnet-sasl-01.txt >
Network Working Group C. Newman Network Working Group C. Newman
Internet Draft: Using SASL/GSSAPI with Telnet Innosoft Internet Draft: Telnet SASL Option Innosoft
Document: draft-newman-telnet-sasl-00.txt January 1998 Document: draft-newman-telnet-sasl-01.txt November 1998
Using SASL and GSSAPI with Telnet Telnet SASL Option
Status of this memo Status of this memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in as reference material or to cite them other than as "work in
progress." progress."
To view the entire list of current Internet-Drafts, please check To view the entire list of current Internet-Drafts, please check
the "1id-abstracts.txt" listing contained in the Internet-Drafts the "1id-abstracts.txt" listing contained in the Internet-Drafts
Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net
(Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East (Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East
Coast), or ftp.isi.edu (US West Coast). Coast), or ftp.isi.edu (US West Coast).
Introduction Abstract
Telnet has its own custom authentication negotiation framework It is common today for Internet client software to implement
defined in ''Telnet Authentication Option'' [TELNET-AUTH]. This has multiple Internet protocols. SASL [SASL] provides an
primarily been used for Kerberos v4 [TELNET-KRB], but is largely authentication framework which permits multi-protocol clients and
unused otherwise as there is only limited development of telnet servers to reuse security-sensitive authentication code. This memo
products and protocols. It is desirable to have telnet leverage defines a SASL profile for the Telnet [TELNET] protocol.
development of new security services for new protocols. Therefore,
future use of the Telnet authentication option is deprecated in
favor of a new SASL [SASL] authentication option suitable for use
with SASL and GSSAPI [GSSAPI] mechanisms. This service can
complement use of TLS with Telnet [TELNET-TLS].
[NOTE: This proposal is in response to a request by the TN3270e WG This proposal will be discussed on the telnet-ietf mailing list.
to have SASL or GSSAPI available when TLS is too heavy-weight. I To subscribe, send the word "subscribe" to
will not request a telnet option number for this until there is <telnet-ietf-request@bsdi.com>.
rough concensus that it is a good idea. Public discussion of this
mechanism may take place on the tn3270e@list.nih.gov mailing list
with a subscription address of listserv@list.nih.gov. Private
comments may be sent to the author].
1. Conventions Used in this Document 1. Conventions Used in this Document
The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD
NOT", and "MAY" in this document are to be interpreted as described NOT", and "MAY" in this document are to be interpreted as described
in "Key words for use in RFCs to Indicate Requirement Levels" in "Key words for use in RFCs to Indicate Requirement Levels"
[KEYWORDS]. [KEYWORDS].
Formal syntax is defined using ABNF [ABNF]. In examples, "C:" and "S:" indicate data sent by the client (end
which does a TCP active option) and server (end which does a TCP
In examples, "C:" and "S:" indicate lines sent by the client and passive open) respectively.
server respectively.
2. Mechanism Requirements
It is important that all telnet implementations are capable of
interoperable authentication without the use of unencrypted
plaintext passwords.
For the usage scenarios with the TN3270 protocol, it looks like the
TLS protocol in combination with traditional embedded plaintext
passwords will be preferable because TN3270 is often performed by a
proxy with no knowledge of the users. This suggests it is the
correct mandatory to implement mechanism for TN3270. Regular
telnet servers, on the other hand, have been successfully modified
to support mechanisms such as Kerberos, and a full TLS layer might
be more expensive than necessary in many cases. This is where a
lighter-weight SASL or GSSAPI mechanism may be preferable.
Unfortunately, the CRAM-MD5 [CRAM-MD5] SASL mechanism (which is 2. Background for this Proposal
likely to be the mandatory to implement choice for a number of
services) is particularly unsuited to the Telnet protocol as a
machine which supports both CRAM-MD5 and remote login risks
exposing the authentication database and thus risks an attacker
gaining the ability to impersonate all users to any CRAM-MD5
authenticated service with the same passphrase.
The SCRAM-MD5 [SCRAM] mechanism might suffice, but is probably too Telnet has its own single-protocol authentication framework defined
new to gain rough concensus. This leaves OTP-SHA1 [OTP-SASL] as in "Telnet Authentication Option" [TELNET-AUTH] which predates SASL
the preferred choice for the mandatory to implement lightweight [SASL]. This old Telnet authentication option and the associated
authentication mechanism in combination with this telnet extension. encryption option [TELNET-ENC] do not provide integrity protection
facilities, machine parsible error codes (e.g. to alert the client
of an expired passphrase), or a way to integrate GSSAPI [GSSAPI]
into Telnet.
[NOTE: This issue is certainly open for debate, as is the wisdom of Adding SASL and using it for new authentication mechanisms will
replacing the old telnet AUTHENTICATE option]. improve reuse of security-sensitive code in multi-protocol clients
in addition to addressing the other issues. While it would be
possible to layer SASL support on top of the existing
authentication option, it could result in an extra round-trip and
would have potentially confusing interactions with the modifiers
field in the Telnet authentication option.
3. Kerberos V4 Compatibility 3. Kerberos Compatibility
Both SASL and the old Telnet authentication option offer Kerberos Both SASL and the old Telnet authentication option offer Kerberos
V4 mechanisms. It is usually not desirable to deploy two V4 mechanisms. It is usually not desirable to deploy two
incompatible mechanisms for the same function, however, the incompatible mechanisms for the same function, however, the
KERBEROS_V4 SASL mechanism is more resistant to reply attacks and KERBEROS_V4 SASL mechanism is more resistant to reply attacks and
provides encryption services. Currently deployed Kerberos V4 provides integrity services. Currently deployed Kerberos V4 Telnet
telnet implementations use encryption support which was documented implementations have no integrity protection and the encryption
in an expired internet draft and is susceptible to active attacks. service is subject to an active down negotiation attack.
Implementations which offer support for the KERBEROS_V4 SASL Implementations which offer support for the KERBEROS_V4 SASL
mechanism SHOULD also implement the old Telnet authentication mechanism SHOULD also implement the old Telnet authentication
option Kerberos v4 mechanism. This will provide better option Kerberos v4 mechanism. This will provide better
interoperability with deployed implementations. When both options interoperability with deployed implementations. When both options
are available, the KERBEROS_V4 SASL mechanism SHOULD be used in are available, the KERBEROS_V4 SASL mechanism SHOULD be used in
preference to the old telnet authentication mechanism. preference to the old Telnet authentication mechanism, unless
encryption without integrity protection is desired.
The author is not aware of implementation of Kerberos V5 via the Both the SASL GSSAPI mechanism and the old Telnet authentication
old Telnet authentication option. Therefore the GSSAPI SASL option offer Kerberos V5 mechanisms. The only difference is that
mechanism is the preferred method for Kerberos V5. [NOTE: anyone the SASL GSSAPI Kerberos 5 mechanism includes integrity protection
else know of a Kerb5 telnet?] not available via the old authentication and encryption options. A
server supporting Kerberos V5 SHOULD implement the old Kerberos V5
authentication option for backwards compatibility.
4. SASL Telnet Option 4. SASL Telnet Option
The SASL telnet option is telnet option number XXX. For historical The GSSAPI/SASL service name for this profile of SASL is "rcmd".
reasons, the GSSAPI/SASL service name for this SASL profile is
"rcmd".
#define TELOPT_SASL XXX The SASL Telnet option is Telnet option number XXX. It has the
following subnegotiation options:
It has the following subnegotiation options: LIST 0
START 1
STEP 2
CANCEL 3
DONE 4
#define TELSASL_LIST 0 The DONE subnegotiation option has the following codes:
#define TELSASL_START 1
#define TELSASL_STEP 2
#define TELSASL_SUCCESS 3
#define TELSASL_FAIL 4
The SASL telnet option is negotiated only one way. The server SUCCESS 0
offers the SASL option with "WILL SASL" and the client announces CANCELLED 1
support with "DO SASL." Once the option is successfully BADAUTH 2
negotiated, the server sends the LIST subnegotiation containing a BADPROT 3
space separated list of SASL mechanisms available: NOTAUTHZ 4
EXPIRED 5
ENCRYPT 6
TOOWEAK 7
TRANS 8
DISABLED 9
S: IAC WILL SASL The SASL Telnet option is negotiated only one way. The server asks
C: IAC DO SASL the client to use SASL with "DO SASL" and the client announces
S: IAC SB SASL LIST "KERBEROS_V4 GSSAPI CRAM-MD5 OTP-SHA1" IAC SB support with a "WILL SASL" message. Once the option is
The client then sends the START subnegotiation to begin a SASL successfully negotiated, the server sends the LIST subnegotiation
exchange with the server. This subnegotiation contains the containing an ASCII string with a space separated list of available
mechanism name followed by an ASCII NUL character followed by the SASL mechanisms:
initial client response, if present. The client is not required to
wait for the LIST message from the server prior to sending the
START message.
C: IAC SB SASL START "CRAM-MD5" NUL IAC SE S: IAC DO SASL
C: IAC WILL SASL
S: IAC SB SASL LIST "KERBEROS_V4 GSSAPI CRAM-MD5 OTP" IAC SB
The client sends the START subnegotiation to begin a SASL exchange
with the server. The START subnegotiation contains the desired
mechanism name optionally followed by an ASCII NUL character and an
initial client response. The client is not required to wait for
the LIST message from the server prior to sending a START message.
C: IAC SB SASL START "CRAM-MD5" IAC SE
This is followed by a series of STEP messages containing SASL This is followed by a series of STEP messages containing SASL
messages for the client and server respectively: messages for the client and server respectively:
S: IAC SB SASL STEP S: IAC SB SASL STEP
"<1896.697170952@postoffice.reston.mci.net>" IAC SE "<1896.697170952@postoffice.reston.mci.net>" IAC SE
C: IAC SB SASL STEP "tim b913a602c7eda7a495b4e6e7334d3890" IAC SE C: IAC SB SASL STEP "tim b913a602c7eda7a495b4e6e7334d3890" IAC SE
Note that it is important to perform IAC doubling if the octet Note that it is important to perform IAC doubling if the octet
value hexidecimal FF occurs in any SASL data. The server indicates value 255 occurs in any SASL data. This applies to data in the
successful completion of the exchange by sending the "SUCCESS" START, STEP and DONE suboptions.
subnegotiation which MAY contain an optional final mutual
authentication step.
S: IAC SB SASL SUCCESS IAC SE When a client receives a STEP message from the server, it MAY
cancel the authentication with the CANCEL message. The server will
respond with a DONE CANCELLED message. If the client wishes to
begin a new authentication, it MAY send a START message without
waiting for the server DONE CANCELLED message.
C: IAC SB SASL CANCEL IAC SE
S: IAC SB SASL DONE CANCELLED IAC SE
The server indicates successful completion of the exchange by
sending the DONE subnegotiation with SUCCESS status, which MAY
contain final server authentication data (usually for mutual
authentication purposes).
S: IAC SB SASL DONE SUCCESS IAC SE
If a SASL security layer is negotiated, it begins on the server end If a SASL security layer is negotiated, it begins on the server end
immediately after the SASL SUCCESS subnegotiation, and begins on immediately after the DONE SUCCESS subnegotiation, and begins on
the client end immediately after the last client START or STEP the client end immediately after the last client START or STEP
subnegotiation once the SUCCESS subnegotiation is received. subnegotiation once the SUCCESS subnegotiation is received.
The server indicates failure by sending the FAIL message with an For those cases where a security layer including integrity
optional error code: protection is negotiated, the server SHOULD send another LIST
suboption message matching the one initially sent. If the client
supports any stronger authentication mechanism, it SHOULD verify
that the new LIST suboption matches the one sent prior to
authentication.
S: IAC SB SASL FAIL BADAUTH IAC SE The server indicates failure by sending the DONE message with a
code other than SUCCESS, followed by a human readable string in the
character set currently active on the Telnet channel. If no
character set has been negotiated through prior agreement or the
Telnet CHARSET option [TELNET-CHARSET], then UTF-8 [UTF-8] is
assumed.
The following error codes are defined: S: IAC SB SASL DONE BADAUTH "Authentication Failed" IAC SE
#define TELSASL_BADAUTH 0 /* authentication failed */ The following error codes are defined by this specification. When
#define TELSASL_BADPROT 1 /* protocol violation */ in doubt of the appropriate error code, the BADAUTH error code
#define TELSASL_NOTAUTHZ 2 /* authorization failed */ should be used. Additional error codes MAY be defined by future
#define TELSASL_EXPIRED 3 /* passphrase/credentials expired */ standards track or IESG approved experimental RFCs.
#define TELSASL_ENCRYPT 4 /* encryption or stronger mech needed */
#define TELSASL_TOOWEAK 5 /* mechanism too weak for user */ CANCELLED
#define TELSASL_TRANS 6 /* transition needed to use new mech */ The authentication was cancelled by the client.
#define TELSASL_DISABLED 7 /* account disabled */
BADAUTH BADAUTH
This indicates that the user does not exist or the This indicates that the user does not exist or the
authentication failed for a reason other than those listed authentication failed for a reason other than those listed
below. below.
BADPROT BADPROT
This indicates the client attempted to use a mechanism not This indicates the client attempted to use a mechanism not
supported by the server, or the protocol for the SASL supported by the server, or the protocol for the SASL
mechanism was not followed. mechanism was not followed.
NOTAUTHZ NOTAUTHZ
This indicates the client successfully authenticated, but is This indicates the client successfully authenticated, but is
not authorized to login to the service with the requested SASL not authorized to login to the service with the requested SASL
authorization identity. authorization identity.
EXPIRED EXPIRED
This indicates that the client passphrase, one time passphrase This indicates that the client passphrase, public key
or public key certificate has expired and can be updated with certificate or other credential has expired and can be updated
an appropriate passphrase/credential change protocol. with an appropriate passphrase/credential change protocol.
ENCRYPT ENCRYPT
This indicates that the requested client mechanism is not This indicates that the requested client mechanism is not
permitted without an encryption layer, such as that provided permitted without an encryption layer, such as that provided
by TLS. The client may activate such encryption, or try a by TLS. The client may activate such encryption, or try a
stronger mechanism. stronger mechanism.
TOOWEAK TOOWEAK
This indicates that security policy does not permit the This indicates that security policy does not permit the
requested user to use the requested mechanism. For example, requested user to use the requested mechanism. For example,
an administrative user might be required to use a stronger an administrative user might be required to use a stronger
mechanism. mechanism.
TRANSThis indicates the user has a valid verifier in a server TRANS
This indicates the user has a valid verifier in a server
authentication database but the requested mechanism can not be authentication database but the requested mechanism can not be
used with that verifier. This also indicates that if the used with that verifier. This also indicates that if the
client changes the passphrase or does a one-time client changes the passphrase or does a one-time
authentication with a plaintext passphrase mechanism authentication with a clear-text passphrase mechanism
(preferably encrypted), then the appropriate authentication (preferably encrypted), then the appropriate authentication
database for the requested mechanism will be initialized. database for the requested mechanism will be initialized.
DISABLED DISABLED
This indicates that the user's account has been disabled. The This indicates that the user's account has been disabled. The
user must contact a system administrator to get their account user must contact a system administrator to get their account
re-enabled. re-enabled.
10. Security Considerations 5. Formal Syntax
The following formal syntax uses ABNF [ABNF]:
IAC = %d255 ; standard Telnet symbols
DO = %d253
WILL = %d251
SB = %d250
SE = %d240
SASL = %dXXX ; Telnet SASL option
LIST = %d0 ; Telnet SASL sub-options
START = %d1
STEP = %d2
CANCEL = %d3
DONE = %d4
; Miscellaneous single-character symbols
DIGIT = %d30-39 ; US-ASCII digit character
UPALPHA = %d65-90 ; Uppercase alphabetic characters
MECH-CHAR = %d65-90 / DIGIT / "-" / "_"
SAFE-DATA = %d0-254 ; octets which don't need quoting
TEXT = %d1-254 ; human readable text
SP = %d32 ; US-ASCII space
NUL = %d0 ; US-ASCII NUL
; Miscellaneous multi-character symbols
quoted-255 = %d255 %d255
sasl-mech = 1*20mech-char
subopt-data = SAFE-DATA / quoted-255
text = *subopt-data ; human readable text
sasl-data = *subopt-data
success = %d0 sasl-data
error = %d1-254 text
; Telnet SASL messages
sasl-do = IAC DO SASL
sasl-will = IAC WILL SASL
sasl-list = IAC SB SASL LIST *(sasl-mech SP) sasl-mech IAC SE
sasl-start = IAC SB SASL START sasl-mech [NUL sasl-data] IAC SE
sasl-step = IAC SB SASL STEP sasl-data IAC SE
sasl-cancel = IAC SB SASL CANCEL IAC SE
sasl-done = IAC SB SASL DONE (success / error) IAC SE
6. Security Considerations
This inherits the security considerations of SASL [SASL] and any This inherits the security considerations of SASL [SASL] and any
underlying mechanism used. underlying mechanism used.
The SASL LIST subnegotiation is not integrity protected and is thus The SASL LIST subnegotiation is not integrity protected and is thus
susceptible to tampering by an active attacker. The client can susceptible to tampering by an active attacker. There are two ways
address this issue by having a configurable list of acceptable to mitigate this attack: (1) have the client explicitly configured
mechanisms. In addition, if a SASL integrity protection layer is to use a specific mechanism and never fall back to a weaker one.
negotiated on, the server SHOULD re-issue the SASL LIST (2) have the client configurable to require integrity protection,
subnegotiation after the integrity layer is active so the client and verify that the LIST suboption value is the same both before
has the option of checking for tampering. A client which supports and after the integrity protection is applied.
a weaker integrity protected mechanism and a stronger mechanism
SHOULD verify the re-issued SASL LIST subnegotiation is unchanged
if the weaker integrity protected mechanism is used.
With some SASL mechanisms, the ENCRYPT or TOOWEAK error codes will With some SASL mechanisms, the ENCRYPT or TOOWEAK error codes will
be generated after sensitive information has been exposed. For be generated after sensitive information has been exposed. For
this reason, clients SHOULD be configurable to disable weaker this reason, clients SHOULD be configurable to disable weaker
mechanisms which might reveal sensitive information and SHOULD do mechanisms which might reveal sensitive information and SHOULD do
so for user, mechanism and server combinations which result in so for user, mechanism and server combinations which result in
these error codes. these error codes.
The TRANS error code could be spuriously generated by an active The TRANS error code could be spuriously generated by an active
attacker. For this reason, the client SHOULD NOT use a weaker attacker. For this reason, the client SHOULD NOT use a weaker
mechanism in response to a TRANS error code without explicit user mechanism in response to a TRANS error code without explicit user
permission. The TRANS error code can also be used to probe for permission. The TRANS error code can also be used to probe for
untransitioned users at a site. For this reason, sites must untransitioned users at a site. For this reason, sites must
consider the tradeoffs between a user-friendly transition to a consider the tradeoffs between a user-friendly transition to a
stronger mechanism and the risks entailed by permitting such stronger mechanism and the risks entailed by permitting such
transitions. transitions.
11. References Telnet server and client implementations MUST check for buffer
overrun on Telnet subnegotiations and deal with more data than will
fit in an internal buffer gracefully.
[ABNF] Crocker, Overell, "Augmented BNF for Syntax Specifications: ABNF", 7. References
RFC 2234, Internet Mail Consortium, Demon Internet Ltd, November 1997.
[ABNF] Crocker, Overell, "Augmented BNF for Syntax Specifications:
ABNF", RFC 2234, Internet Mail Consortium, Demon Internet Ltd,
November 1997.
[CRAM-MD5] Klensin, Catoe, Krumviede, "IMAP/POP AUTHorize Extension [CRAM-MD5] Klensin, Catoe, Krumviede, "IMAP/POP AUTHorize Extension
for Simple Challenge/Response", RFC 2195, MCI, September 1997. for Simple Challenge/Response", RFC 2195, MCI, September 1997.
[GSSAPI] Linn, "Generic Security Service Application Program [GSSAPI] Linn, "Generic Security Service Application Program
Interface, Version 2", RFC 2078, OpenVision Technologies, January Interface, Version 2", RFC 2078, OpenVision Technologies, January
1997. 1997.
[KEYWORDS] Bradner, "Key words for use in RFCs to Indicate Requirement [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Levels", RFC 2119, Harvard University, March 1997. Requirement Levels", RFC 2119, Harvard University, March 1997.
[OTP-SASL] Newman, "One Time Password SASL mechanism", work in progress. [OTP-SASL] Newman, C., "The One-Time-Password SASL mechanism", RFC
2444, Innosoft, October 1998.
[SASL] Myers, "Simple Authentication and Security Layer (SASL)", RFC [SASL] Myers, "Simple Authentication and Security Layer (SASL)",
2222, Netscape Communications, October 1997. RFC 2222, Netscape Communications, October 1997.
[SCRAM] Newman, "Salted Challenge Response Authentication Mechanism [TELNET] Postel, J., Reynolds, J., "TELNET PROTOCOL SPECIFICATION",
(SCRAM)", work in progress. RFC 854, ISI, May 1983.
[TELNET-AUTH] Borman, "Telnet Authentication Option", RFC 1416, Cray [TELNET-AUTH] Borman, "Telnet Authentication Option", RFC 1416,
Research, Inc., February 1993. Cray Research, Inc., February 1993.
[TELNET-KRB] Borman, "Telnet Authentication: Kerberos Version 4", RFC [TELNET-CHARSET] Gellens, R., "TELNET CHARSET Option", RFC 2066,
1411, Cray Research, Inc., January 1993. Unisys, January 1997.
12. Author's Address [TELNET-ENC] Ts'o, T., "Telnet Data Encryption Option", work in
progress.
[TELNET-KRB] Borman, "Telnet Authentication: Kerberos Version 4",
RFC 1411, Cray Research, Inc., January 1993.
[UTF-8] Yergeau, F. "UTF-8, a transformation format of ISO 10646",
RFC 2279, Alis Technologies, January 1998.
8. Author's Address
Chris Newman Chris Newman
Innosoft International, Inc. Innosoft International, Inc.
1050 Lakes Drive 1050 Lakes Drive
West Covina, CA 91790 USA West Covina, CA 91790 USA
Email: chris.newman@innosoft.com Email: chris.newman@innosoft.com
 End of changes. 43 change blocks. 
138 lines changed or deleted 203 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/